/*
 *
 */
package com.twp.auth.config.auth;

import com.alibaba.fastjson.JSON;
import com.twp.auth.config.aware.ApplicationContextProvider;
import com.twp.auth.security.MyAccessDecisionManager;
import com.twp.auth.service.RequestUrlService;
import com.twp.common.tuple.ResultDTO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;


/**
 * 此类功能描述
 *
 * @since JDK 1.8
 */
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private RequestUrlService requestUrlService;

    @Autowired
    AuthConfig authConfig;

    public AccessDecisionManager getAccessDecisionManager() {
        MyAccessDecisionManager fsAccessDecisionManager = new MyAccessDecisionManager();
        fsAccessDecisionManager.setRequestUrlService(requestUrlService);
        return fsAccessDecisionManager;
    }


    @Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
                //.anonymous().disable()
                .authorizeRequests()
                .antMatchers(authConfig.getPermitAll()).permitAll()

                .anyRequest()
                .authenticated()
//			.and()
//			.addFilter(filterSecurityInterceptor())
                .withObjectPostProcessor(
                        new ObjectPostProcessor<FilterSecurityInterceptor>() {
                            public <Obj extends FilterSecurityInterceptor> Obj postProcess(Obj fsi) {
                                fsi.setAccessDecisionManager(getAccessDecisionManager());
//               fsi.setSecurityMetadataSource(securityMetadataSource());
                                return fsi;
                            }
                        })
        .and().exceptionHandling().authenticationEntryPoint(getCustomerEntryPoint())
        ;
        // @formatter:on
    }

    @Bean
    protected AuthenticationEntryPoint getCustomerEntryPoint() {
        return new OAuth2AuthenticationEntryPoint();
    }
}
